Tenable Log Correlation Engine Clients

A key component of Tenable Log Correlation Engine, clients capture event data from a variety of sources and send that data to the Tenable Log Correlation Engine server for normalization. The Tenable Log Correlation Engine clients are installed on systems whose logs, network traffic, performance and other types of protocols and technologies are to be monitored by forwarding the data securely to the Tenable Log Correlation Engine server. Policies are assigned to the Tenable Log Correlation Engine clients, which govern the methods by which a client captures event data. For example, the Web Query Client is used to collect events from Salesforce, AWS CloudTrail, and Google Cloud Platform.

The following table lists the Tenable Log Correlation Engine clients that Tenable Network Security provides, and the operating systems supported by those clients. This table only lists clients that are compatible with the latest version of Tenable Log Correlation Engine.

Client Operating Systems
Tenable Log Correlation Engine Client for Windows and Linux
  • RHEL/CentOS
  • Tenable Core
  • FreeBSD
  • Debian
  • OS X
  • AIX
  • Solaris
  • HP-UX
  • Dragon
  • Fedora
  • Ubuntu
  • SuSE
  • Windows
OPSEC Client
  • RHEL/CentOS
Splunk Client
  • RHEL/CentOS
Tenable NetFlow Monitor
  • RHEL/CentOS
  • Tenable Core
Tenable Network Monitor
  • RHEL/CentOS
  • Tenable Core
Tenable RDEP Monitor
  • RHEL/CentOS
Tenable SDEE Monitor
  • RHEL/CentOS
Web Query Client
  • RHEL/CentOS
WMI Monitor Client
  • RHEL/CentOS

The Tenable Log Correlation Engine clients can be configured to gather information and events from the following sources:

  • Windows Event Logs (collected locally or remotely via WMI)
  • Windows/Linux/Unix system and application logs
  • Check Point OPSEC events
  • Cisco RDEP events
  • Cisco SDEE events
  • Cisco NetFlow
  • Splunk
  • Sniffed TCP and UDP network traffic (Tenable Network Monitor)
  • Sniffed syslog messages in motion
  • File monitoring (Linux, Unix, and Windows)

All data transmitted from Tenable Log Correlation Engine clients to the Tenable Log Correlation Engine server is encrypted using AES-256-CFB.